JPL engineers graduate from top schools at the top of their class. They are used to being right in their design and engineering decisions. I have to get them comfortable thinking about all the things that can go wrong.
- Gentry Lee, Chief Systems Engineer, NASA JPL
The cultural position of the risk function
Companies that failed had relegated risk management to a compliance function, with no access to top management.
HBOS had "a cultural indisposition to challenge" and that the task of "being a risk and compliance manager felt a bit like being a man in a rowing boat trying to slow down an oil tanker."
UK Treasury Committee (7th report); Paul Moore
an organizational culture and incentives that encourage cost cutting and cutting of corners that reward workers for doing it faster and cheaper, but not better. Management failure crippled the ability of individuals involved to identify the risks they faced, and to properly evaluate, communicate, and address them.
- The National Commission's Report to the President
Organizational biases:
Groupthink
Rather than mitigating risk, firms incubate risk through the normalization of deviance
Companies need to anchor risk discussions in their strategy formulation and implementation processes.
Active prevention: monitoring operational processes and guiding people's behaviors and decisions toward desired norms
Reduce the probability that the assumed risks materialize and improve the company's ability to contain the risk events should they occur
Management must focus on identification (obvious only in hindsight) and mitigation of their impact
o Pay $1.6 billion in fines and $850 million for internal investigations by outside lawyers and accountants.
o Nine former members of Managing Board sued for $28.3 million for breaching fiduciary duties
o Two former CEOs agree to pay more than $10 million to settle cases brought against them.
Heroes' risks:
Career risk
Professional ostracism
Loss of status
Financial loss
Loss of credibility
Boundaries
Importance of strong internal control systems and independent internal audit department
The Mission
Medicine is for people, not for profits. The profits follow, and if we have remembered that, they have never failed to appear. - George Merck, CEO and founder's son (1950).
Boundary Systems
Opportunity Space
Boundary System
One size does not fit all in terms of the structures and roles for the risk management function
However, all encourage employees to challenge existing assumptions and debate risk information
I. Independent Experts
High intrinsic risk, but risk changes slowly over time
Authority over budgets: establishes cost and time reserves according to its degree of risk
II. Facilitators
Risk stems largely from seemingly unrelated operational choices across a complex organization that accumulate gradually and can remain hidden for a long time
Risk management by a small central risk-management group that collects information from operating managers
Hydro One
CRO runs workshops with employees from all levels and functions
Employees identify and rank the principal risks to the strategic objectives
Capital allocation and budgeting decisions linked to identified risks
Companies can achieve an integrated risk perspective by anchoring their discussions in strategic planning
Infosys
As we asked ourselves about what risks we should be looking at, we gradually zeroed in on risks to business objectives specified in our corporate scorecard.
MD Raganath, CRO, Infosys
Management realized that strategy had introduced a new risk factor: client default.
Implication: monitor CDS rates of large clients, etc.
Volkswagen do Brasil
Risk discussions generated from the company's strategy map
Risk events identified for each objective
Risk Event Card prepared for each risk
High-level summary of results presented to senior management
Infosys:
Dual structure: central risk team; specialized functional teams
Some external risk events sufficiently imminent for managers to manage them like their strategy risks
E.g.: risk of increased protectionism at Infosys
Scenario planning
Systematic process for defining the plausible boundaries of future states of the world
Long-range analysis (typically 5-10 years)
War-gaming
Assesses a firm's vulnerability to disruptive technologies or changes in competitors' strategies
Wrap-up
Most companies need a separate function to handle strategy- and external-risk management
Do you have a risk appetite policy that is well understood by every member of the organization?
Dumb questions
Lack traction, and are relatively easy for a CEO or CRO to answer and deflect without revealing much of substance
The answers to banks of dumb questions are more likely to be self-reinforcing and reveal little about the real risk management.
Power, M., Smart and Dumb Questions to Ask About Risk Management. Risk Watch, May 2011
When was the last time something was stopped in the organization because it was considered too risky?
How do you feel about meetings with the chief risk officer?
Do you feel you talk to your chief risk officer enough?
What are the three most important bits of management information that you use each day?
What do they tell you, if anything, about risk?
Power, M., Smart and Dumb Questions to Ask About Risk Management. Risk Watch, May 2011
Can you envisage being able to veto developments? Did you ever try, and why?
Are you involved in product development from the beginning? If not, why not?
Power, M., Smart and Dumb Questions to Ask About Risk Management. Risk Watch, May 2011
Thank you!